I’ve been working really hard to research and rank messaging apps by their privacy. The more green boxes the better.

I plan to turn PrivacySpreadsheet.com into a place for privacy data on everything from cars to video games. It’s all open source too on GitHub.

Not trying to advertise, I just put a lot of time into researching all this, and I want to share it since I think others could benefit.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    9 months ago

    You got some errors for XMPP e2ee: the popular mobile clients all enable it by default, it has perfect forward secrecy and a/v calls are usually also e2ee and of course data is encrypted in transit.

    • rcbrk@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      9 months ago

      Yep. Really need to compare the best-practice XMPP clients (e.g. Conversations, Siskin), not half-developed clients more suited to the XMPP landscape of 20 years ago. – Just as Matrix’s ranking in the table is high because only the state-of-the-art clients are considered – there are plenty of Matrix clients which don’t support e2ee, for example.

      This list of mistakes isn’t exhaustive, but extending from poVoq’s mentions, here are some things XMPP(conversations) does actually have positive findings for:

      • End to end encrypted by default [OMEMO]
      • End to end encryption is available [OMEMO]
      • Voice/video calls are end to end encrypted [“calls are always end-to-end encrypted with DTLS-SRTP”]
      • Utilizes Perfect Forward Secrecy [OMEMO]
      • Data is encrypted in transit [TLS and OMEMO]
      • You can verify contacts out of band [https://gultsch.de/trust.html]
      • There has been a third party code audit [2016]
      • Provider can scan for illegal content [If you send content unencrypted, otherwise no different to Matrix/Signal]

      I’m not sure there’s much differentiation between any apps when it comes to “What can the apps hand to police?”; if the police have physical access to your device and app, they have access to everything you do on that device/app.